Phishing analysis with PowerShell
We all know that phishing is really hard to defend against; human error is the worst error. On top of that, not all organizations can afford to throw Security Analysts at the problem or buy expensive Security Orchestration Tools and Threat Feeds to do automated phishing analysis. As such, Smells Phishy was born.
What is it?
Smells Phishy is a PowerShell script that essentially listens to a reporting mailbox in Microsoft Exchange, breaks each e-mail down into its core components, extracts observables from the message components (header, body, etc.) and compares them to threat feeds to determine whether it's a phishing e-mail or not.
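The extract-and-compare step described above, shown as an added example that is not taken from the Smells Phishy repository. The sample message, the `$feed` lookup table and the function name `Get-MessageObservable` are constructed for illustration, and the threat feed is assumed to be a local table rather than a real service.

```powershell
# Added example; not code from the Smells Phishy repository.
# Constructed sample of a reported message. All addresses and hosts are made up.
$rawMessage = @'
Received: from mail.example-sender.test (mail.example-sender.test [203.0.113.45])
    by mx.corp.example with ESMTP; Tue, 02 Jan 2024 09:14:07 +0000
From: "IT Helpdesk" <helpdesk@example-sender.test>
Reply-To: support@reply-example.test
Subject: Password expiry notice

Your password expires today. Sign in at https://login.portal-example.test/reset
or http://203.0.113.77/verify?id=123 to keep access.
'@

# Constructed stand-in for a threat feed (assumption: a local lookup table, not a real service).
$feed = @{
    'login.portal-example.test' = 'listed phishing domain'
    '203.0.113.77'              = 'listed malicious IP'
}

function Get-MessageObservable {
    param([Parameter(Mandatory)][string]$Raw)

    # Headers end at the first blank line; unfold continuation lines before matching.
    $head, $body = $Raw -split '\r?\n\r?\n', 2
    $head = $head -replace '\r?\n[ \t]+', ' '

    # Sender-controlled address headers: keep the domain part.
    foreach ($m in [regex]::Matches($head, '(?im)^(From|Reply-To):.*?@([a-z0-9.-]+)')) {
        [pscustomobject]@{ Type = 'domain'; Value = $m.Groups[2].Value.ToLower(); Source = $m.Groups[1].Value }
    }
    # Relay IPs recorded in Received headers.
    foreach ($m in [regex]::Matches($head, '(?im)^Received:.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]')) {
        [pscustomobject]@{ Type = 'ip'; Value = $m.Groups[1].Value; Source = 'Received' }
    }
    # Hosts of URLs in the body; [uri]::TryCreate skips strings that do not parse.
    foreach ($m in [regex]::Matches("$body", 'https?://[^\s<>"]+')) {
        $u = $null
        if ([uri]::TryCreate($m.Value, [System.UriKind]::Absolute, [ref]$u)) {
            $type = if ($u.HostNameType -eq 'IPv4') { 'ip' } else { 'domain' }
            [pscustomobject]@{ Type = $type; Value = $u.Host.ToLower(); Source = 'Body URL' }
        }
    }
}

$report = Get-MessageObservable -Raw $rawMessage | Sort-Object Type, Value -Unique |
    Select-Object Type, Value, Source, @{ Name = 'FeedHit'; Expression = { $feed[$_.Value] } }
$hits = @($report | Where-Object FeedHit)
$report | Format-Table -AutoSize
if ($hits.Count -gt 0) { "Verdict: suspicious ($($hits.Count) feed match(es))" } else { 'Verdict: no feed match' }
```

On the constructed sample, the body URL host and the bare-IP link both match the table, while the sender domains and the relay IP are listed without a hit.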
How does it work?
- Download Smells Phishy: https://github.com/n3tsurge/smells-phishy
- Provide it the API keys for your analytics services (URL Scan, VT, etc.)
- Point it at a reporting mailbox
- Let it poll away!